diff --git a/README.md b/README.md index a701be1..8ab5059 100644 --- a/README.md +++ b/README.md @@ -5,14 +5,18 @@ # haraka-plugin-dns-lists -## dns block lists +## dns lists -Looks up the connecting IP address in an IP list. Remote hosts found in the list are rejected. +Looks up the IP address of the remote host in a IP list(s). There are several types of DNS based lists: +### block -## dns allow lists +Block lists (aka: DNSBL) are designed to be used for blocking mail from any host listed in them. Block lists are the most common DNS list type and lists without a type specifier are considered block lists. The default action for block lists is the reject the connection. This can be changed by setting `reject=false` in the zone's settings block. -Looks up the connecting IP address in an IP list. When an IP matches, this plugin returns OK for all hooks up to hook\_data. + +### allow + +When the remote IP is found in an allow list, this plugin returns OK for the ehlo, helo, and mail hooks. IMPORTANT! The order of plugins in config/plugins is important when this feature is used. It should be listed *before* any plugins that you wish to skip, but after any plugins that accept recipients. 
@@ -39,28 +43,20 @@ dns-lists.ini - INI format with options described below: #### [main] periodic_checks=30 - If enabled, this will check all the zones every n minutes. The minimum value that will be accepted here is 5. Any value less than 5 will cause the checks to be run at start-up only. - - The checks confirm that the list is responding and that it is not listing the world. If any errors are detected, then the zone is disabled and will be re-checked on the next test. If a zone subsequently starts working correctly then it will be re-enabled. - - -* [block] zones +Check every DNS zone every `N` minutes. When the value is less than 5, checks will only be run at start-up. - A comma or semi-colon list of zones to query. +The checks confirm that lists are responding correctly. When errors are detected, the zone is disabled and will be checked at the next interval. When a zone resumes working correctly it will be enabled. -* search: (default: first) - first: consider first DNSBL response conclusive. End processing. - all: process all DNSBL results +#### [main] zones +An array or comma separated list of zones to query. -* reject (default: true) - Reject connections from IPs that are blacklisted. Setting this to false - makes dnsbl informational. reject=false is best used in conjunction with - plugins like [karma](/manual/plugins/karma.html) that employ a scoring - engine to make choices about message delivery. +#### [main] search: (default: all) +- first: consider first DNSBL response conclusive. End processing. +- all: process all DNSBL results #### [stats] enable=true 
@@ -92,9 +88,19 @@ dns-lists.ini - INI format with options described below: 6) "1" -* [stats] redis\_host +#### [stats] redis\_host - In the form of `host:port` this option allows you to specify a different host on which redis runs. +In the form of `host:port` this option allows you to specify a different host on which redis runs. + + +### Per-Zone DNS list settings + +The exact name of the DNS zone (as specified above in main.zones) may contain settings about that DNS list. + +* type=[ block, allow, karma ] +* reject (default: true) +Reject connections from IPs on block lists. Setting this to false makes dnsbl informational. reject=false is best used in conjunction with plugins like [karma](/manual/plugins/karma.html) that employ a scoring engine to make choices about message delivery. +* ipv6=true | false diff --git a/test/dns-list.js b/test/dns-list.js index 416480d..76b0741 100644 --- a/test/dns-list.js +++ b/test/dns-list.js @@ -86,7 +86,7 @@ describe('check_zone', function () { }) describe('check_zones', function () { - this.timeout(7000) + this.timeout(9000) it('tests each block list', async function () { await this.plugin.check_zones(6000);
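Review bot: In the README.md hunk at `@@ -5,14 +5,18 @@`, the new block-list paragraph reads "The default action for block lists is the reject the connection"; that should be "is to reject the connection", and "in a IP list(s)" in the intro line would read better as "in one or more IP lists". The intro also promises "several types of DNS based lists", but only `### block` and `### allow` get a section, while the per-zone settings later in this patch list `type=[ block, allow, karma ]`, so a `### karma` section is missing. Because an allow-list hit is now documented as returning OK for the ehlo, helo, and mail hooks instead of "all hooks up to hook\_data", the text should say which later checks still run for allow-listed hosts.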
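Review bot: In the README.md hunk at `@@ -39,28 +43,20 @@`, the documented default for `search` changes from `first` to `all`, but the patch as shown touches only README.md and test/dns-list.js. Please confirm the plugin's default really changed and note it in the changelog, since operators who relied on `first` will now have every list result processed. The rewritten `periodic_checks` text also drops the statement that the checks confirm a list "is not listing the world". If that check still exists it should stay documented, because it is the safeguard against a block list that starts matching every IP. Minor points: the old text accepted "a comma or semi-colon list" of zones and the new one says "array or comma separated", so state whether semicolons are still parsed, and drop the stray colon in `#### [main] search:` to match the other headings.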
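Review bot: In the README.md hunk at `@@ -92,9 +88,19 @@`, the new "Per-Zone DNS list settings" list gives no default for `type` or `ipv6` and does not describe what `ipv6` or the `karma` type do. The first hunk says lists without a type specifier are considered block lists, so repeat that default here next to `type=[ block, allow, karma ]`, and say what `ipv6=true | false` controls and which value applies when it is omitted. The `reject` description line starts unindented directly under `* reject (default: true)`, so Markdown will not render it as part of that list item; indent it. A short sample section for one zone would also make "the exact name of the DNS zone ... may contain settings" unambiguous.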
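Review bot: In test/dns-list.js at `@@ -86,7 +86,7 @@`, `this.timeout(9000)` raises the mocha timeout by two seconds while the call stays `check_zones(6000)`, and nothing in the patch explains why the extra headroom is needed. If 'tests each block list' depends on live DNS responses, a larger timeout only hides slow or unreachable lists and the test stays flaky. Add a comment explaining the margin, or stub the resolver so the result is deterministic.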